[OE-core] [oe] BlueZ old releases have new checksums

Denys Dmytriyenko denis at denix.org
Wed Jan 4 22:02:45 UTC 2012


On Wed, Jan 04, 2012 at 12:53:25PM -0800, Khem Raj wrote:
> On Wed, Jan 4, 2012 at 12:14 PM, Chris Larson <clarson at kergoth.com> wrote:
> > On Wed, Jan 4, 2012 at 11:14 AM, Denys Dmytriyenko <denis at denix.org> wrote:
> >> The main archive of BlueZ/obexd/hcidump releases on kernel.org[1] finally
> >> re-appeared after missing for a long time since kernel.org compromise.
> >> Unfortunately, all previous tarballs have new checksums, breaking builds for
> >> anyone w/o previous copy cached. Old copies were also extensively mirrored,
> >> so you never know which one you fetch next time...
> >
> > Heh, checksums changing after a security compromise, that's worrisome
> > :) should diff their contents to see what's going on, or whether it's
> > just a gzip timestamp change or something.
> 
> exactly. Make sure the tars are sane

Well, according to BlueZ maintainer[1], he gave the correct tarballs to 
kernel.org people, but for some reason they untarred and re-packed them. 
There's only a 4-byte difference, presumably the timestamp...

[1] http://thread.gmane.org/gmane.linux.bluez.kernel/20040/focus=20041

-- 
Denys
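
The check suggested in the thread (is the new checksum only a gzip timestamp change, or did the contents change?), as an added example that is not part of the original messages. It classifies how two `.tar.gz` files differ, using the 4-byte MTIME field at offsets 4-7 of the gzip header (RFC 1952); the function names and the sample tarballs are constructed for illustration and are not the BlueZ files.

```python
import gzip, hashlib, io, struct, tarfile

def gzip_mtime(blob):
    """MTIME field: bytes 4-7 of the fixed gzip header (RFC 1952), little-endian."""
    magic, method, _flags, mtime = struct.unpack("<HBBI", blob[:8])
    if magic != 0x8B1F or method != 8:
        raise ValueError("not a gzip/deflate stream")
    return mtime

def member_digests(tar_bytes):
    """Map each regular file in the tar stream to the SHA-256 of its content."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tar:
        return {m.name: hashlib.sha256(tar.extractfile(m).read()).hexdigest()
                for m in tar if m.isfile()}

def compare_tarballs(a, b):
    """Classify the difference between two .tar.gz blobs."""
    if a == b:
        return "identical"
    tar_a, tar_b = gzip.decompress(a), gzip.decompress(b)
    if tar_a == tar_b:
        # Same tar stream: is everything outside the MTIME field byte-identical?
        if a[:4] + a[8:] == b[:4] + b[8:]:
            return "gzip-mtime-only"
        return "compression-only"      # same tar stream, different gzip framing
    if member_digests(tar_a) == member_digests(tar_b):
        return "tar-metadata-only"     # same file contents, repacked tar headers
    return "content-differs"           # needs a real diff before trusting it

# Constructed sample data (not the BlueZ tarballs): a one-file tar, gzipped in memory.
def make_tgz(content, gz_mtime, tar_mtime=0):
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w") as tar:
        info = tarfile.TarInfo("pkg-1.0/README")
        info.size, info.mtime = len(content), tar_mtime
        tar.addfile(info, io.BytesIO(content))
    out = io.BytesIO()
    with gzip.GzipFile(fileobj=out, mode="wb", mtime=gz_mtime) as gz:
        gz.write(raw.getvalue())
    return out.getvalue()

if __name__ == "__main__":
    original = make_tgz(b"hello\n", gz_mtime=1300000000)
    regzipped = make_tgz(b"hello\n", gz_mtime=1325714565)
    print(gzip_mtime(original), gzip_mtime(regzipped), compare_tarballs(original, regzipped))
    print(compare_tarballs(original, make_tgz(b"hello\n", 1300000000, tar_mtime=99)))
    print(compare_tarballs(original, make_tgz(b"hell0\n", gz_mtime=1300000000)))
```

Only the `content-differs` verdict means file contents changed; the other verdicts explain a new archive checksum without any change to the packaged files.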



